Spring Flex

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-3203	Deserialization of Untrusted Data vulnerability in Pivotal Spring-Flex The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. network pivotal CWE-502	6.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.